This week's Watch Out Wednesday covers the latest WordPress plugin vulnerabilities, including issues in Beaver Builder, Event Calendar, Add User Role and more!
Plugin: Beaver Builder
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 2.5.5.3
Recommended Action: Update the WordPress Beaver Builder plugin to the latest available version (at least 2.5.5.3).
Plugin: Add User Role
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 29, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Slickr Flickr
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 25, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Form Builder CP
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 1.2.32
Recommended Action: Update the WordPress Form Builder CP plugin to the latest available version (at least 1.2.32).
Plugin: WPtouch
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 4.3.44
Recommended Action: Update the WordPress WPtouch plugin to the latest available version (at least 4.3.44).
Plugin: Site Offline
Vulnerability: Bypass Vulnerability
Patched Version: 1.5.3
Recommended Action: Update the WordPress Site Offline plugin to the latest available version (at least 1.5.3).
Plugin: Zephyr Project Manager
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.2.5
Recommended Action: Update the WordPress Zephyr Project Manager plugin to the latest available version (at least 3.2.5).
Plugin: WPvivid Backup and Migration
Vulnerability: Other Vulnerability Type
Patched Version: 0.9.77
Recommended Action: Update the WordPress WPvivid Backup and Migration plugin to the latest available version (at least 0.9.77).
Plugin: Ultimate SMS Notifications for WooCommerce
Vulnerability: CSV Injection
Patched Version: 1.4.2
Recommended Action: Update the WordPress Ultimate SMS Notifications for WooCommerce plugin to the latest available version (at least 1.4.2).
Plugin: Visual Composer Website Builder
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available.
Plugin: WP Users Exporter
Vulnerability: CSV Injection
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of January 8, 2020 and is not available for download. Reason: Security Issue.
Plugin: Better Delete Revision
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 26, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Launcher: Coming Soon & Maintenance Mode
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. Ignored by the vendor.
Plugin: Polls Widget
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available.
Plugin: Event Calendar – Calendar
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: Better Font Awesome
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: No patched version is available.
Plugin: Advanced Order Export For WooCommerce
Vulnerability: Cross Site Scripting (XSS)
Patched Version: 3.3.2
Recommended Action: Update the WordPress Advanced Order Export For WooCommerce plugin to the latest available version (at least 3.3.2).
Plugin: wp-forecast
Vulnerability: Cross Site Scripting (XSS)
Patched Version: N/A
Recommended Action: No patched version is available. No reply from the vendor.
Plugin: Access Code Feeder
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: About Me
Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: About Rentals
Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Accommodation System
Vulnerability: Other Vulnerability Type
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: SEO Scout
Vulnerability: Cross Site Request Forgery (CSRF)
Patched Version: N/A
Recommended Action: Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin: Alphabetic Pagination
Vulnerability: Other Vulnerability Type
Patched Version: 3.0.8
Recommended Action: Update the WordPress Alphabetic Pagination plugin to the latest available version (at least 3.0.8).
***
Check out the WoW Archive for past Watch Out Wednesday posts.